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Field of the Invention 

The present invention relates to protocols for 
communication of data messages between electronic 
apparatuses. More particularly, the present invention 
relates to a method for providing authentication and 
integrity protection when a synchronization protocol for 
data communication is utilized for communication of data 
between e.g. a client and a server. Also, the present 
invention relates to a server and client adapted to provide 
authentication and integrity protection according to the 
method of the invention. 



Description of the Related Art 

In some situations it is preferred to communicate 
data between a client and a server using a standardized 
synchronization protocol. By utilizing the synchronization 

20 protocol it is possible to provide data communication 
between electronic apparatuses from different 
manufacturers. With the SyncML initiative a standardized 
data synchronization protocol is provided, which 
facilitates communication of data between user apparatuses 

25 of different manufacturers. Examples of a client as 

disclosed above is an electronic communication apparatus 
such as a mobile telephone, a pager, an electronic 
organizer, a smartphone or the like. 

One example of a situation where this possibility is 

30 useful is when a device management session is to be 

established between an apparatus and a server using a 
synchronization protocol such as e.g. SyncML (SyncML-DM 
(SyncML-Device Management) or SyncML-DS (SyncML-Data 
Synchronization)). If there are any problems with the 

35 apparatus it can be connected to the server through a wire 
or wireless communication link. By connecting the apparatus 
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to the server, a remote repairer can get access to the 
apparatus through the connection. However, the repairer may 
want to authenticate the apparatus before he/she starts 
repairing the apparatus. Also, in another situation the 
5 apparatus may need to verify an authentication made by a 

repairer to avoid unauthorized access to the user apparatus 
by a third party, such as a hacker. 

Further, in many situations it is also preferred to 
provide integrity protection of the data sent between the 
10 communication apparatus and the server. 

In the SyncML-DM specification the following security 
mechanisms are specified: 

• Server authentication 

• Client authentication 
15 • Integrity protection 

• (Confidentiality) 

In the known art security protection, i.e. said 
security mechanisms, is based on the use of a combination 
of transport level and SyncML level security as indicated 

20 in Table 1 of Fig. 3, which shows security mechanisms per 
protocol layer. As should be noted, confidentiality is 
mentioned in the Sync ML specification. However, it is not 
a requirement for the SyncML-DM. 

From table 1 of Fig. 3it can be concluded that there 

25 are strong requirements for client authentication and 
integrity protection at SyncML level since there are 
scenarios where there are no alternatives, such as with a 
SyncML .protocol combined with an Obex transport protocol 
and a Cable or IrDa bearer layer. Also, server 

30 authentication and confidentiality are useful but not 
essential . 

Presently/ the SyncML specification specifies an 
authentication protocol that can be used for both client 
and server authentication. 
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The main problem with SyncML security is that it is 
based on a combination of username and password. This has 
two major disadvantages as it gives weak security and it 
forces the user to handle yet another password. Also, it is 

5 difficult to generate good integrity protection keys from a 
password, as the . entropy of a password is too small. 40-128 
random bits is normal for generating a good integrity key. 
Using a password, this would require 50-70 symbols in a 
password typed on a keyboard to derive a sufficiently 

10 amount of random bits. 

Summary of the Invention 

It is an object of the invention to provide a 
flexible method for providing at least client 

15 authentication, when a synchronization protocol such as 

SyncML-DM/DS is utilized for communicating messages between 
the client and a server. More specifically, it is an object 
of the invention to provide client authentication in a more 
flexible manner than previously known wherein neither 

20 username nor password is necessary. Yet another object is 
to execute client authentication based on the specific 
authentication capabilities of the client. Also, it is an 
object of the invention to provide integrity protection, in 
addition authentication, using good integrity protection 

25 keys. It is preferred to render possible the use of a 

number of different known authentication methods to be used 
with the synchronization protocol. Finally, it is an object 
of the invention to also provide server authentication in 
addition to client authentication and integrity protection. 

30 The above objects are achieved in that an 

authentication protocol of the synchronization protocol is 
utilized for providing an authentication method indicator 
(AMI ) The AMI ■ are incorporated in a meta command of the 
synchronization protocol for indicating the specific type 

35 of authentication method used in each particular case. The 
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authentication method may be preset, or individually 
determined by the server based on an initialization message 
sent by the apparatus for indicating e.g. its 
authentication capabilities, and establishing a connection. 
5 Any data relating to the determined authentication method 
are incorporated in a data string of the protocol when 
messages are communicated. 

According to the invention, it is a further object to 
provide a client, such as an electronic communication 

10 apparatus,, adapted to provide at least client 

authentication when the synchronization protocol is used 
for communicating messages to the server. 

According to the invention, the above objects are 
achieved by an electronic communication apparatus adapted 

15 to indicate e.g. its authentication capabilities to the 

server in an initialization message. Further, the apparatus 
is adapted to execute authentication according to the 
authentication technique indicated by the AMI of a message 
received from the server. Also, the apparatus is adapted to 

20 generate a response to the message to be transmitted to the 
server. For providing integrity protection, the apparatus 
is adapted .to generate good integrity protection keys 
according to the indicated method. 

A further object of the invention is to provide a 

25 server adapted to provide at least client authentication 
using any of a number of known authentication techniques 
based on the authentication capabilities of the apparatus. 

The above objects are achieved by a server adapted to 
receive the initialization message (for client 

30 authentication) or send an initialization message (for 

server authentication) . The server is adapted to determine 
the specific authentication method to be used based on the 
authentication capabilities of the apparatus. Further, the 
server i s adapted to execute authentication according to 

35 the determined authentication method or according to a 
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preset authentication method, which is incorporated in the 
AMI of the message. Also, the server is adapted to 
incorporate any authentication data relating to the 
specified authentication method in a data string of the 
message. To provide integrity protection, the server is 
adapted to generate an IK according to the authentication 
method/scheme used . 

A further aspect of the invention is to utilize good 
integrity keys (IK) generated by the server and client, 
respectively, which will provide integrity protection in 
addition to authentication. The integrity key is generated 
according to the authentication scheme used or separately 
by the server or the client. The authentication 
method/scheme may be GSM SIM, UMTS USIM, Secureld, 
Safeword, WPKI, WIM, etc. Further, USIM authentication have 
the advantage of providing mutual authentication, i.e. 
server authentication and client authentication in addition 
to integrity protection. 

The method according to the invention has the 
advantage of being flexible, as more than one 
authentication method may be used when the SyncML-DM/DS 
protocol is utilized for transmitting data messages between 
the apparatus and the server. Also, now user name or user 
identity is necessary for carrying out client and/or server 
authentication. Further, good integrity keys may be derived 
from the authentication scheme to provide integrity 
protection independently from any user name or user id. By 
utilizing the method of the invention, anti-replay 
protection may be provided without the need for 
synchronized counters in both client and server. 

Further preferred features of the invention are 
defined in the dependent claims. 

It should be emphasized that the term 
"comprises/comprising" when used in this specification is 



WO 03/077581 




PCT7EP03/01474 



6 



taken to specify the presence of stated features, integers, 
steps, components or groups thereof. 

Brief Description of the Drawings 

5 Preferred embodiments of the present invention will 

now be described in more detail with reference to the 
accompanying drawings, in which: 

Fig- 1 shows a mobile telephone connected to a number 
of servers, which are adapted to provide authentication 
10 according to the invention; 

Fig. 2 is a flow chart of an exemplifying 
authentication process according to the invention; 

Fig. 3 is a table showing security mechanisms per 

protocol layer; 
15 Fig. 4 illustrates variables and the message flow 

between an electronic user equipment and a server in a SIM 

authentication scenario; and 

Fig. 5 illustrates variables and the message flow 

between an electronic user equipment and a server in a USIM 
20 authentication scenario. 

Detailed Description of Embodiments 

The present invention provides a method for client 
25 authentication and integrity protection of communicated 
data between e.g. a client, such as an electronic user 
apparatus, and a server when a standardized synchronization 
protocol such as SyncML-DM/DS is used. 

A mobile telephone 1 is an example of an electronic 
30 user apparatus. For convenience, reference will therefore 
be made to a mobile telephone 1 throughout this 
description. However, this is only for exemplifying 
purposes and is not considered to limit the scope of the 
invention . 
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An exemplary mobile telephone 1 comprising in a 
normal fashion a display 10, a keypad 11, a loudspeaker 12, 
and a microphone 13 is shown in Fig. 1. The components 
together form a man-machine interface, through which a user 

5 of the mobile telephone 1 may interact with and operate the 
mobile telephone 1. Further, the mobile telephone 1 
comprises an antenna 14 for establishing a wireless 
communication link 20 with a mobile telecommunication 
network 21. The mobile telecommunication network 21 may 

10 e.g. be a GSM network ("Global System for Mobile 

communications") or a UMTS network ("Universal Mobile 
Telephone System"). The mobile telephone i is adapted to 
communicate data through the mobile telecommunication 
network 21 using a standardized synchronization protocol 

15 such as SyncML-DM/DS. Data can be communicated through a 
wire based or wireless connection 30 between the mobile 
telephone 1 and a server 31 connected to the 
telecommunication network 21. 

Moreover, the mobile telephone 1 of the embodiment 

20 shown in Fig. 1 comprises an infrared interface 15, such as 
an IrDA port, by means of which the mobile telephone 1 may 
be connected through a infrared link 40 to a second server 
41 for communicating data using a synchronization protocol, 
such as SyncML-DM/DS. 

25 The mobile telephone 1 also comprises a system or 

accessories connector 16, by means of which the mobile 
telephone 1 may be connected, through e.g. a serial cable 
50, to a third server 51, for communicating data using a 
synchronization protocol, such as SyncML-DM/DS. 

30 Additionally, the mobile telephone 1 comprises a 

second antenna 17 for establishing a short-range radio link 
60, such as a Bluetooth link, to a fourth server 61, for 
communicating data using a synchronization protocol. 

As is understood, not all mobile telephones 1 of the 

35 invention have all the above mentioned communication 
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possibilities for communicating data, but can have one or 
more in different embodiments. Also, the server may be 
embodied as a pc (personal computer) , or another electronic 
user apparatus adapted to communicate data according to a 

5 synchronization protocol, such as SyncML-DM/DS . 

At SyncML level of data transmission between the 
mobile telephone 1 and the server 31, 41, 51, 61 
authentication is provided by utilizing the SyncML-DM/DS 
protocol for carrying information of the authentication 

10 method to be used, such as SIM/USIM authentication, which 
will be further disclosed below. According to the 
invention, a number of different authentication methods may 
be utilized when the SyncML-DM/DS protocol is used for 
communicating messages. The authentication method to be 

15 used is specified according to the same principals as in 

the existing SyncML-DM/DS authentication protocol, although 
in a much more flexible manner. For signaling the 
authentication method being used an authentication 
indicator (AMI), sometimes referred to as the mechanism, is 

20 provided when the SyncML-DM/DS protocol is utilized. The 
AMI substitutes the authentication directive of the meta 
command of the conventional SyncML-DM/DS protocol when data 
is communicated according to the SyncML-DM/DS protocol. 
Further, any data relating to the specific authentication 

25 method utilized is incorporated in a data string of the 
message sent according to the SyncML-DM/DS protocol. 

In one embodiment of the invention GSM SIM or UMTS 
USIM authentication and integrity protection is utilized. 
This provides authentication of the mobile telephone 1 and 

30 integrity protection of data sent between said telephone 1 
and the server 31, 41, 51, 61. Also, USIM authentication 
provides the additional possibility of server 
authentication. As should be noticed, other authentication 
techniques are equally well possible, such as PKI based 

35 schemes, e.g. WPKI and WIM, and proprietary authentication 
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token technology, e.g. Secureld or Safeword as the 
authentication method. 

The AMI is a variable indicating the algorithm (s) 
used to produce the message digest of the message being 
5 sent using the SyncML-DM/DS protocol, and the specific 

authentication method, which is to be specified. The value 
of the AMI depends on the authentication method used. As is 
indicated above, the mobile telephone 1 may be adapted to 
execute authentication according to one or more 
10 authentication methods. 

In the following, an exemplary embodiment according 
to the invention will be presented, wherein the message 
flow between the mobile telephone 1 and the server 31, 41, 
51, 61 is disclosed. In the exemplary embodiment, SIM/USIM 
authentication and integrity protection will be described 
with reference to Figs. 2, 4, and 5. 

At a first step 100 of Fig. 2, an initializing 
message, indicated as "Initial L3 message" in Figs. 4 and 
5, is sent from the mobile telephone 1 to the server 31, 
41, 51, 61. The general purpose of the initialization 
message is to establish a connection between the mobile 
telephone 1 and the server 31, 41, 51, 61. Also, said 
message may comprise other information, such as information 
of the type of device that sent the initialization message, 
25 and the identity of the mobile telephone 1 such as IMSI 
(international mobile subscriber identity) and Ki 
(subscriber authentication key) . The AMI, or a list of AMIs 
for indicating more than one authentication capability, can 
be incorporated in the initialization message for 
30 indicating the authentication capabilities of the mobile 

telephone 1. As should be noted, the server 31, 41, 51, 61 
may also initiate the establishing of a connection between 
said server and the mobile telephone 1. This is executed in 
that the server 31, 41, 51, 61 transmits a server 
35 initialization message to the mobile telephone 1, whereupon 
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said telephone 1 transmits the initialization message when 
the server initialization message is received. 

Depending on e.g. the type of device sending the 
first, message, type of data bearer and transport protocol 
5 the server 31, 41, 51, 61 determines at step 101 the 
security level and type of security mechanism, such as 
SIM/USIM authentication, to be used. However, the security 
mechanism may equally well be preset, wherein the server 
31, 41, 51, 61 does not need to determine the 

10 authentication capabilities of the mobile telephone 1. In 
this embodiment, the server 31, 41, 51, 61 determines that 
the mobile telephone 1 capable of performing SIM/USIM 
authentication sent the message. Therefore, the server 31, 
41, 51, 61 starts SIM/USIM authentication at 102 by 

15 transmitting an authentication request comprising the 

subscriber identity (IMSI, Ki) to an AUG (authentication 
center) for deriving authentication variables (AVs) , 
possible via a home location register (HLR) . Based on the 
IMSI, the AUC generates authentication data, such as a 

20 challenge, which in this embodiment is a random number, or 
obtains a stored challenge based on the IMSI. Also, the AUC 
generates an XRES (expected result), based on the challenge 
and the Ki, or obtains a stored XRES by means of the IMSI. 
The XRES will be used in a later step for finalizing the 

25 authentication . 

In an alternative embodiment, the AUC also generates 
an CK/IK (cipher key/integrity key) based on the Ki and the 
challenge, which can be stored together with the XRES and 
the authentication data at the AUC and/or the server 31, 

30 41, 51, 61 and utilized for integrity protection. 

At step 103, the authentication data, XRES and CK/IK 
are then transmitted to the server, which is adapted to 
transmit the authentication data to the mobile telephone 1 
in the data string of the message according to the SyncML- 

35 DM/DS protocol. Also, the value of the AMI, indicating the 
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type of security mechanism used for generating the 
authentication data, XRES and CK/IK for authentication and 
integrity protection, i.e. SIM/USIM authentication in this 
embodiment, is incorporated into the message sent to the 

5 mobile telephone 1, as disclosed above. 

After receiving the AMI and the authentication data 
the mobile telephone determines the authentication method 
to be used by evaluating the AMI and performs the steps 
necessary according to the specific authentication method 

10 to create a response to be sent to the server 31/ 41, 51, 
61. Alternatively, the authentication method may be 
predetermined. As the steps necessary for executing 
SIM/USIM authentication at the mobile telephone 1 form no 
essential part of the invention per se, it will only be 

15 disclosed briefly in the following. 

In the exemplifying embodiment, the mobile telephone 
1, at step 104, generates a response by transmitting the 
authentication data to the SIM/USIM of the mobile telephone 
1. The SIM/USIM generates, based on the Ki of the 

20 subscription stored on the SIM/USIM and the authentication 
data, a response corresponding to the XRES stored in the 
server . 

In an alternative embodiment, integrity protection is 
also provided at step 105 if required. Therefore a shared 

25 secret key is required. In the embodiment where SIM/USIM is 
used as the authentication scheme, integrity protection 
using the CK/IK as good integrity keys is possible. 
Therefore, the mobile telephone 1 requests a CK/IK from the 
SIM/USIM, which generates a second integrity key based on 

30 the Ki and the value of the authentication data. 

Consequently, executing an authentication procedure, such 
as the GSM authentication procedure, or the UMTS AKA, which 
per se are believed to be known to the man skilled in the 
art, provides the CK/IK. As is also understood, the CK of 
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GSM authentication is used as an integrity key 
correspondingly to the IK of UMTS authentication. 

A hashing function, such as SHA-1 or MD5, can be 
utilized by the mobile telephone 1 for the integrity 

5 protection in the alternative embodiment. A value of a MAC 
parameter is computed as per RFC2104, with SHA-1 as its 
hashing function. However, other hashing functions may also 
be used according to the method of the invention. The 
computation of the MAC value relies upon the use of a 

10 shared secret (or key) . Therefore, according to the 

invention, the CK/IK generated by the SIM/USIM is utilized 
for the integrity protection, as is well known in the art. 
Also, a HMAC is computed on the entire SyncML-DM/DS 
message. Each SyncML-DM/DS message is constructed as 

15 normal, upon completion of the message the HMAC is 
computed. The HMAC is located in the header of the 
transport protocol, e.g. HTTP, WAP, or OBEX, called x- 
syncml-hmac, during transmission of the message. 

When the response is derived, and possibly the MAC 

20 and HMAC, the response is incorporated in the data string 
of the SyncML-DM/DS authentication protocol. Also, the AMI 
indicates the authentication method used, and the response 
message is transmitted from the mobile telephone 1 to the 
server 31, 41, 51, 61 at step 107. Upon reception, the 

25 server 31, 41, 51, 61 at step 108 begins the integrity 
control and finalizes authentication according to the 
authentication method specified by the AMI. 

•For finalizing the authentication according to 
SIM/USIM authentication, the server 31, 41, 51, 61 compares 

30 the response value with the value of the stored XRES for 
authentication control. If integrity protection is 
provided, the server also generates a MAC value based on 
the response message and the CK/IK received from the AUC to 
be compared with the value of the MAC sent in the data 

35 string of the SyncML-DM/DS protocol. As integrity 
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protection per se is not an essential part of the 
invention, the generation of MAC values and the comparing 
of said values is not further disclosed here. 

If USIM authentication is utilized, the mobile 

5 telephone 1 may transmit a user authentication reject to 
the server 31, 41, 51, 61 if the authentication fails, as 
is indicated in Fig. 5* 

In an alternative embodiment, the use of USIM 
authentication also provides the possibility of server 

10 authentication in addition to client authentication. The 
difference between the embodiment providing server 
authentication and the embodiments described above is that 
an additional server authentication variable AUTN 
(authentication tpken) is generated by the authentication 

15 center in addition to the challenge, CK/IK and XRES . The 

AUTN variable will be transmitted to the mobile telephone 1 
in the data string of the message incorporating the 
authentication data. Also in this embodiment the AMI is 
used for indication the type of authentication method 

20 utilized. When the mobile telephone 1 receives the AUTN 
variable, it will pass it on to the USIM, which will 
perform server authentication in addition to generating the 
response . 

In other embodiments of the invention, other 
25 authentication techniques can be utilized, which will be 

indicated by different AMI values comprised in the message, 
as set out above. In each embodiment, the authentication 
data necessary for performing authentication, such as 
certificates or codes, can be transmitted from the server 
30 31, 41, 51, 61 to the mobile telephone 1 by utilizing the 
data string of the message sent according to the SyncML- 
DM/DS protocol. 

In the following PKI based WIM authentication and 
integrity protection will be described briefly. In WIM 
35 authentication the initialization message is sent from the 
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mobile telephone 1 to the server 31, 41, 51, 61, 
correspondingly to SIM/USIM authentication. Then the server 
determines, if necessary, the capabilities of the mobile 
telephone, wherein WIM authentication is determined as the 

5 authentication method to utilize. Then, the server 

generates the AMI and a challenge to be transmitted to the 
mobile telephone according to the same principles as has 
been described above. When the mobile telephone 1 receives 
the authentication parameters, i.e. the AMI and the 

10 challenge, the mobile telephone 1 transmits the challenge 
to the WIM of the mobile telephone 1, which as a result 
generates a response in the form of a certificate, which is 
stored in the WIM. A certificate authority, as is well 
known to the man skilled in the art, issues the 

15 certificate. The response is then transmitted to the server 
according to the same principles as in the previous 
embodiments. The result may be encrypted using a public key 
of the server. Finally, when the server receives the 
result, said server will if necessary decrypt the message 

20 using the private key of the server 31, 41, 51, 61 and 

authenticate the response (certificate) by transmitting an 
authentication request to a certificate authority (CA) . 

In the authentication procedure, the server 31, 41, 
51, 61 will derive the public key of the mobile telephone 1 

25 from the CA. The public key of the mobile telephone may be 
utilized for providing integrity protection if preferred. 
If so, the server 31, 41, 51, 61 will generate a good IK 
based on random numbers, which is incorporated in a message 
encrypted using the public key of the mobile telephone 1. 

30 An hashing algorithm, as described above, is used on the 
encrypted message, whereupon the message is encrypted with 
the private key of the mobile telephone. The mobile 
telephone 1 will receive the encrypted message, decrypt it 
using the public key of the server, a hashing algorithm, 
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and the private key of the mobile telephone 1 for 
finalizing the integrity protection. 

Other possibilities of integrity protection when WIM 
based authentication are utilized. One example is to 

5 provide the encrypted IK together with the challenge in the 
data string of the first message sent from the server 31, 
41, 51 , 61 to the mobile telephone 1, which will be 
incorporated in the data string of the message. 

As is mentioned above, also Safeword and Secureld are 

10 possible to use as the authentication method. These methods 
may be used according to the same principles as described 
in relation to the above embodiments and according to the 
following dependent and independent claims. Therefore, 
these authentication methods will not be described in any 

15 further detail, as messages will flow between the mobile 

telephone 1 and the server 31, 41, 51, 61 using the SyncML- 
DM/DS protocol having a AMI for indicating the 
authentication method and a data string for carrying any 
authentication data . 

20 As an option, the authentication data can be used to 

prevent replay attacks. In 3GPP the server, 31, 41, 51,61 
can e.g. use the equivalent of the AKA FRESH parameter as 
the value of the authentication data. This value, together 
with the parameter-nonce count is used for full anti-replay 

25 protection. 

The method has been described as providing an 
authentication method indicator (AMI) and utilizing a data 
string for carrying authentication data, which relates to 
the specific authentication method used, in a message to be 

30 sent according to a synchronization protocol, such as the 

SyncML-DM/DS protocol. However, it should be noted that the 
method is not limited to the SyncML-DM/DS protocol. It is 
equally well possible to implement the method of the 
invention also below the SyncML layer in transport 

35 protocols such as http or Obex. 
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CLAIMS 

1. A method for providing authentication when 
messages are sent between an electronic communication 
apparatus (1) and a server (3, 41, 51, 61) according to a 
synchronization protocol, characterized in that an 
authentication method indicator (AMI) is incorporated in an 
authentication protocol of the synchronization protocol, 
wherein said AMI specifies an authentication method 
according to which the authentication is executed. 



2. The method according to claim 1, wherein the AMI is 
incorporated in the meta command of the synchronization 

15 protocol and based on the authentication capabilities of 
the apparatus (1) . 

3. The method according to claim 1 or 2, wherein at 
least one authentication capability of the electronic 

20 communication apparatus es indicated in an authentication 
method list of an initialization message sent to the server 
(31, 41, 51, 61) for establishing a connection. 

4. The method according to any of the previous 

25 claims, wherein any authentication data relating to the 

specified authentication method is incorporated in a data 
string of the synchronization protocol. 

5. The method according to any of the previous 

30 claims, wherein the specified authentication method is GSM 
SIM authentication. 



35 



6. The method according to any of the claims 1-4 f 
wherein the specified authentication method is UMTS USIM 
authentication, which also provides server authentication. 
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7. The method according to any of the claims 1-4 , 
wherein the specified authentication method is WPKI or WIM 
authentication . 

5 8. The method according to any of the claims 1-4 , 

wherein the specified authentication method is Secureld or 
SafeWord authentication. 

9. The method according to any of the claims 3-7, 
10 wherein the server (31, 41, 51, 61) determines the 

authentication capabilities of the electronic communication 
apparatus (1) based on the at least one authentication 
method listed in the authentication method list. 

15 10. The method according to claim 9, wherein the 

server (31, 41, 51, 61) executes any necessary 
authentication steps according to one of the at least one 
authentication methods indicated in the authentication 
method list, and prepares and transmits a message to the 

20 electronic communication apparatus (1), comprising the AMI 
and any authentication data relating to the specified 
authentication method, in the data string of the message. 

11. The method according to claim 10, wherein the 
25 electronic communication apparatus (1) receives the 

message, executes any necessary authentication steps 
according to the authentication method indicated by the AMI 
to generate an expected result, and prepares and transmits 
a response to the server, comprising the AMI, and any 
30 authentication data in the data string of the message. 

12. The method according to any of the claims 1-6 and 
9-11, wherein integrity protection is provided by utilizing 
CKs/IKs (cipher keys/integrity keys) generated by the 

35 electronic communication apparatus (1) and the server (31, 
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41", 51, 61), respectively, when SIM/USIM authentication is 
executed, which CK/IK is used for generating MAC values and 
using a hashing function for computing a HMAC on the entire 
message to be sent. 

5 

13. The method according to any of the claims 7 or 9- 
11, wherein integrity protection is provided in that the 
server generates a good integrity key, which is encrypted 
with the public key of the electronic communication 

10 apparatus (1), which is generated during the authentication 
procedure, said integrity key is sent to said apparatus 
(1), and utilized for generating MAC values and using a 
hashing function for computing a HMAC on the entire message 
to be sent. 

15 

14. The method according to claim 12 or 13, wherein 
the MAC value is computed as per RFC2104 . 

15. The method according to any of the claims 12-14, 
20 wherein the method utilizes SHA-1 as the hashing function. 

16. The method according to any of the previous 
claims, wherein the protocol is the SyncML-DM protocol or 
the SyncML-DS protocol. 

25 

17. The method according to any of the previous 
claims, wherein the protocol is the Obex, http, or WSP 
protocol . 

30 18. An electronic communication apparatus adapted to 

provide authentication when messages are exchanged with a 
server according to a synchronization protocol, 
characterized- in that the apparatus is further adapted to 
incorporate an authentication method indicator (AMI) in the 

35 authentication protocol of the synchronization protocol for 
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indicating a specific type of authentication method, 
according to which the authentication is executed. 

19. The apparatus according to claim 18 , wherein the 
5 apparatus (1) is further adapted to send an initialization 
message to the server for establishing a connection, which 
message indicates the authentication capabilities of the 
apparatus . 

10 20. The apparatus according to claim 19, wherein the 

initialization message comprises an authentication method 
list having at least one authentication method listed, type 
of apparatus, and/or identity of the apparatus (1) . 

15 21. The apparatus according to claim 18, wherein the 

apparatus (1) is further adapted to determine the type of 
authentication method to use from the authentication method 
indicator of a message received from the server (31, 41, 
51, 61) . 

20 

22. The apparatus according to any of the claims 18- . 
21, wherein the apparatus (1) is further adapted to execute 
any of the steps necessary according to the specified 
authentication method. 

25 

23. The apparatus according to claim 22, wherein the 
apparatus (1) is further adapted to incorporate any 
authentication data in a data string of the message to be 
sent according to the synchronization protocol. 

30 

24. The apparatus according to any of the claims 18- 
23, wherein the apparatus (1) is further adapted to provide 
integrity protection by utilizing an IK (integrity key) for 
generating a MAC, and utilizing a hashing function for 

35 computing a HMAC on the entire message. 
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25. The apparatus according to claim 24, wherein the 
apparatus (1) is adapted to compute the MAC value as per 
RFC2104 . 

5 

26. The apparatus according to claim 24 or 25, 
wherein the apparatus (1) is further adapted to utilize 
SHA-1 as the hashing function. 

10 27. The apparatus according to any of the claims 18- 

26, wherein the protocol is the SyncML-DM protocol or the 
SyncML-DS protocol. 

28. The apparatus according to any of the claims 18- 
15 26, wherein the protocol is the Obex, http, or WSP 

protocol . 

29. The apparatus according to any of the claims 18- 
28 , wherein the apparatus (1) is further adapted to utilize 

20 GSM SIM authentication as the authentication method. 

30. The apparatus according to any of the claims 18- 
28, wherein the apparatus (1) is adapted to utilize UMTS 
USIM authentication as the authentication method and 

25 provide server authentication. 

31. The method according to any of the claims 18-28, 
wherein apparatus (1) is further adapted to utilize 
Secureld, SafeWord, WPKI or WIM authentication as the 

30 authentication method. 

32. The apparatus according to any of the claims 18- 
31, wherein the apparatus is a pager, an electronic 
organizer, or a smartphone. 

35 
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33. The apparatus according to any of the claims 18- 
31 , wherein the apparatus is a mobile telephone (1) . 

34. A server adapted to provide authentication when 

5 messages are exchanged with an apparatus (1) according to a 
synchronization protocol, characterized in that the server 
(31, 41, 51, 61) is further adapted to incorporate an 
authentication method indicator (AMI) in the authentication 
protocol of the synchronization protocol for indicating an 
10 authentication method, according to which the 
authentication is executed. 

35. The server according to claim 34, wherein the 
server (31, 41, 51, 61) is further adapted to incorporate 

15 any authentication data in a data string of the 
synchronization protocol. 

36. The server according to claim 34 or 35, wherein 
the server (31, 41, 51, 61) is further adapted to determine 

20 from a received initialization message the authentication 
capabilities of the apparatus (1) and further determine a 
specific authentication method to utilize therefrom. 

37. The server according to claim 36, wherein the 
25 server (31, 41, 51, 61) is further adapted to execute 

authentication according to the determined authentication 
method. 

38. The server according to any of the claims 34-37, 
30 wherein the server (31, 41, 51, 61) is further adapted to 

provide integrity protection by utilizing an IK (integrity 
key) for generating a MAC, and utilizing a hashing function 
for computing- a HMAC . 
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39. The server according to claim 38, wherein the 
server (31, 41, 51, 61) is adapted to derive the MAC value 
as per RFC2104. 

5 40. The server according to claim 38 or 39, wherein 

the server (31, 41, 51, 61) is further adapted to utilize 
SHA-1 as the hashing function. 

41. The server according to any of the claims 34-40, 
10 wherein the protocol is the SyncML-DM prctocol or the 
SyncML-DS protocol . 

42- The server according to any of the claims 34-41, 
wherein the protocol is the Obex, http, or WSP protocol. 



15 



20 



43. The server according to any of the claims 34-42, 
wherein the server (31, 41, 51, 61) is further adapted to 
utilize GSM SIM authentication as the authentication 
method. 



44. The server according to any of the claims 34-42, 
wherein the server (31, 41, 51, 61) is further adapted to 
utilize UMTS USIM authentication as the authentication 
method and provide server authentication variable to the 

25 electronic user equipment (1). 

45. The server according to any of the claims 34-42, 
wherein server is further adapted to utilize Secureld, 
SafeWord, WPKI or WIM authentication as the authentication 

30 method. 
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